
Vulnerabilities in the logging library Log4j

Updated December 23, 2021

Ericsson is actively responding to vulnerabilities in the open-source Apache logging library Log4j.

Immediate activities were initiated in response to CVE-2021-44228 (Log4Shell) and have since been extended to CVE-2021-4104, CVE-2021-45046 and CVE-2021-45105 where applicable.

We continue to monitor the evolving situation and account for it in our impact analysis and response.

Any impact on our product portfolio is being investigated, and we are acting with the highest priority to resolve any issues that are identified. These actions also cover Ericsson’s corporate environment. Our priority is always to ensure that our customers are protected.

Ericsson understands the crucial importance of this issue and the need to provide a complete response for all Ericsson products as soon as possible.

Ericsson has a long history of systematically incorporating security and privacy considerations into all relevant aspects of our operations, including all phases of our product value flow. Our efforts in this area follow a well-established internal control framework known as the Security Reliability Model (SRM) and the ISO 27001 Framework. The SRM enables a managed, risk-based approach to security and privacy implementation where requirements are tailored to the target environment and demands.

All security-related concerns for existing customers are handled through the regular Customer Support channels.

For additional information, see Ericsson PSIRT.